mirror of https://github.com/YunoHost-Apps/jitsi_ynh.git synced 2024-09-03 19:35:57 +02:00

enable LDAP authentication

This commit is contained in:
yalh76 2022-02-11 00:47:00 +01:00
parent a73ec7c023
commit 7962e1d49f
9 changed files with 32 additions and 5 deletions


@ -1,6 +1,11 @@
# Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for # Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for
#available options, syntax, and default values. #available options, syntax, and default values.
jicofo { jicofo {
authentication: {
enabled: true
type: XMPP
login-url: __DOMAIN__
}
xmpp: { xmpp: {
client: { client: {
client-proxy: focus.__DOMAIN__ client-proxy: focus.__DOMAIN__
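Review bot: `enabled: true` in the new `authentication` block is hard-coded, so every instance that takes this version switches to authenticated room creation with no way to opt out. If that is the intent for upgrades as well as fresh installs, say so in the changelog; otherwise drive `enabled` from an install or config setting. A short comment that `login-url` must name the Prosody VirtualHost using `authentication = "ldap"` would also help whoever edits this file next.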


@ -9,7 +9,7 @@ var config = {
domain: '__DOMAIN__', domain: '__DOMAIN__',
// When using authentication, domain for guest users. // When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com', anonymousdomain: 'guest.__DOMAIN__',
// Domain for authenticated users. Defaults to <domain>. // Domain for authenticated users. Defaults to <domain>.
// authdomain: '__DOMAIN__', // authdomain: '__DOMAIN__',

conf/mod_auth_ldap.src Normal file

@ -0,0 +1,7 @@
SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=lua
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=mod_auth_ldap.lua
SOURCE_EXTRACT=false
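Review bot: `SOURCE_URL` points at `raw-file/tip/`, which follows the head of the prosody-modules repository, while `SOURCE_SUM` pins one exact file content. As soon as upstream changes `mod_auth_ldap.lua`, the sha256 will no longer match and `ynh_setup_source` will fail during install and upgrade. Replace `tip` with a specific changeset id so the URL and the checksum refer to the same immutable file.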


@ -27,7 +27,12 @@ unlimited_jids = {
VirtualHost "__DOMAIN__" VirtualHost "__DOMAIN__"
-- enabled = false -- Remove this line to enable this host -- enabled = false -- Remove this line to enable this host
authentication = "anonymous" authentication = "ldap"
ldap_server = "localhost"
ldap_filter = "(uid=$user)"
ldap_scope = "subtree"
ldap_base = "ou=users,dc=yunohost,dc=org"
ldap_mode = "bind"
-- Properties below are modified by jitsi-meet-tokens package config -- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token" -- and authentication above is switched to "token"
--app_id="example_app_id" --app_id="example_app_id"
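Review bot: `ldap_filter = "(uid=$user)"` together with `ldap_base = "ou=users,dc=yunohost,dc=org"` accepts every account under the users subtree, so the right to create rooms is not tied to any permission on this app. If only some users should be able to open rooms, narrow the filter to the accounts that are granted the app's permission. `ldap_server = "localhost"` is set without any TLS option, which is acceptable only while the directory is reached over loopback; a comment stating that assumption would make it explicit.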
@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__"
main_muc = "conference.__DOMAIN__" main_muc = "conference.__DOMAIN__"
-- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms -- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms
VirtualHost "guest.__DOMAIN__"
authentication = "anonymous"
c2s_require_encryption = false
Component "conference.__DOMAIN__" "muc" Component "conference.__DOMAIN__" "muc"
restrict_room_creation = true restrict_room_creation = true
storage = "memory" storage = "memory"
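Review bot: `c2s_require_encryption = false` on the new `VirtualHost "guest.__DOMAIN__"` lets clients of the anonymous host connect without TLS at the XMPP layer. Add a comment explaining why this is needed here and confirm that guests only reach Prosody through the HTTPS front end, so that no client-to-server port accepts plaintext sessions for this host from outside the machine.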


@ -3,3 +3,4 @@
1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** will stop and disable Metronome XMPP. 3. **Jitsi** will stop and disable Metronome XMPP.
4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.
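Review bot: the added item 4 is missing a verb in "only authenticated users to create new conference rooms". Suggest "LDAP authentication is enabled: only authenticated users can create new conference rooms." and "from the anonymous domain" at the end of the last sentence.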


@ -3,3 +3,4 @@
1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) 2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** va arréter et désactiver le service XMPP Metronome. 3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme.


@ -5,7 +5,7 @@
#================================================= #=================================================
# dependencies used by the app # dependencies used by the app
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime" pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap"
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS


@ -143,6 +143,8 @@ do
ynh_secure_remove --file="$final_path/${package}_temp" ynh_secure_remove --file="$final_path/${package}_temp"
done done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
chmod 750 "$final_path" chmod 750 "$final_path"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path" chown -R $app:$app "$final_path"
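Review bot: `ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody"` drops `mod_auth_ldap.lua` at the top of that directory, and nothing in this diff shows that Prosody's plugin path includes it. Please confirm the module lands in a directory Prosody actually searches, otherwise `authentication = "ldap"` will fail to load at startup. Placing the call before the `chmod`/`chown` lines is right, since the new file then gets the same ownership and mode as the rest of `$final_path`.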


@ -114,6 +114,8 @@ then
mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
ynh_secure_remove --file="$final_path/${package}_temp" ynh_secure_remove --file="$final_path/${package}_temp"
done done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
fi fi
chmod 750 "$final_path" chmod 750 "$final_path"
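Review bot: the added `ynh_setup_source ... --source_id=mod_auth_ldap` sits just before `fi`, inside the conditional block whose `then` appears in the hunk header, so the module is only fetched when that condition holds. An upgrade that skips the block still gets the Prosody configuration with `authentication = "ldap"` but no `mod_auth_ldap.lua` on disk. Move the call outside the `if` so the module is installed on every upgrade.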